Cybersecurity Author and INI Alumnus Visits Campus for Book Signing

May 02, 2014

Software developers are at the front line of cyber defense. When planning his third book about security, Anmol Misra (CIT, 2005) wanted to write it from the developer's perspective.

Misra and his co-author Dr. James Ransome, senior director of product security at McAfee, an Intel Company, reflected on years of lessons learned and experiences with Fortune 500 clients and devised a methodology that builds security into software development. The newly published book Core Software Security, Security at the Source takes an innovative approach that engages the creativity of the developer.

"Despite best intentions and efforts, software is not secure. Often we see companies trying to go back and fix problems later once software is released. This costs tremendous amounts of money and effort, while also leaving people vulnerable. My co-author and I wanted to share why the one-size-fits-all approach leads to insecure software development," said Misra, who earned a Master of Science in Information Networking at Carnegie Mellon's Information Networking Institute (INI).

The statistics are compelling. Despite quick responses by vendors to release patches and upgrades for compromised operating systems and software, cyber attacks continue to be on the rise. The year 2013 experienced the highest number in five years with 4,794 reported security vulnerabilities or 13 per day, according to the National Vulnerability Database. Enterprises have not been successful in developing secure software consistently—a trend that is likely to continue as companies and individuals alike increasingly depend on the Internet for technologies such as cloud computing, mobile devices and networked appliances and vehicles.

The book covers embedding security as a part of existing software development methods, and how security can be a business enabler and a competitive differentiator. Throughout the book, the authors describe a modern, holistic framework for software security that includes people, process and technology. The book includes metrics, cost effectiveness, case studies, threat modeling and considerations for mobile software and privacy.

"First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats," said Dr. Dena Haritos Tsamitis, director of the INI.

Misra will visit campus Friday, May 9. The community is invited to meet the author for a book signing from 4:00 – 5:00 p.m. at the University Store, Jared L. Cohon University Center. The book may be purchased at the signing.

The book is also available at www.amazon.com and www.crcpress.com.

Pictured: Anmol Misra last visited Carnegie Mellon during 2013 Ceilidh Weekend for a talk about the mobile security book Android Security, Attacks and Defenses, which he co-wrote with INI alumnus Abhishek Dubey (CIT, 2006).